The course is part of this learning path
The services within the AWS Management Fundamentals course focus on maintaining and monitoring AWS applications and systems, to ensure they are compliant, properly configured, operating at required utilization thresholds, and protected from any potential outside threats.
This course covers a range of different services, including:
AWS Trusted Advisor
AWS Personal Health Dashboard
- Describe the basic functions that each service in this course performs within a cloud solution
- Recognize the basic components and features of each AWS management service in this course
- Understand the role each service plays to maintain a properly operating application on AWS
This course is has been designed for:
- Anyone preparing for the AWS Certified Cloud Practitioner.
- Managers, sales professionals and other roles within the cloud where a relatively non-technical understanding of AWS compute services is desired.
Before reading this example, you should have a general understanding of the basic concepts of cloud computing. If you are familiar with common compliance requirements for IT systems, this will also help.
If you have thoughts or suggestions for this course, please contact Cloud Academy at email@example.com.
- [Instructor] Hello and welcome to this lecture. What is AWS Trusted Advisor? Well I'm going to explain what the service is and does and the different elements that make up this service. So this is a service that has been within the AWS Service Library since 2013 and it plays an integral part in helping and aiding you to optimize your infrastructure across a number of key areas. The service itself can be found within the AWS Management Console under Management Tools alongside services such as AWS Config, AWS CloudTrial, and Amazon CloudWatch, et cetera.
The main function of Trusted Advisor is to recommend improvements across your AWS account, to help optimize and hone your environment based on AWS Best Practices. These recommendations cover four distinct categories. Cost Optimization, which helps to identify ways in which you could optimize your resources to save money. Performance, this scans your resources to highlight any potential performance issues across multiple services.
Security, this category analyzes your environment for any potential security weaknesses or vulnerabilities. And Fault Tolerance, which suggests Best Practices to maintain service operations by increasing resiliency should a fault or incident occur across your resources. Within each of these four categories, Trusted Advisor has a list of checks based on AWS Best Practices, and it will use these checks to see how your account, resources and architecture is implemented to determine if you're aligned with them or not.
So it essentially acts as an automatic auditor across your account, which can save you money, increase the efficiency of your resources, maintain a tighter and more secure environment, and help to ensure your resources remain operational should a failure occur. Between the four categories and at the time of writing in this course, there are over 50 different Best Practices that the service checks your resources against.
Although there are a lot of these checks that Trusted Advisor can perform, not all of them are free, available to anyone with an AWS account. The list of checks that you have access to is very dependent on the Support Agreement you hold with AWS. The full power and potential of AWS Trusted Advisor is only really available if you have a Business or Enterprise support plan with AWS.
Without either of these plans then you will only have access to six core checks that are freely available to everyone. These free core checks are split between the Performance and Security categories, with the majority of them being related to Security. The six checks are as follows. Service Limits under the Performance category. And then within the Security category, we have Security Groups Specific Ports Unrestricted, Amazon EBS Public Snapshots, Amazon RDS Public Snapshots, IAM Use, and MFA on root account.
Now if you compare this list to the full list of checks that are included with Business and Enterprise support plans you'll see that this list can provide a huge wealth of valuable information to help you optimize your infrastructure. In addition to these extra checks that these support plans offer, you will also get the additional benefit of being able to administer certain functions of Trusted Advisor using the AWS Support API such as Retrieve and Refresh Trusted Advisor results.
Also, you'll have the added advantage of being able to track the most recent changes to your AWS account by bringing them to the top of your AWS Trusted Advisor Dashboard. There are also a number of other features that everyone has access to, including those outside of the Enterprise and Business support plans. These being Trusted Advisor Notifications. This is an opt-in or opt-out feature which is completely free to everyone and can be configured within the preferences pane of the Trusted Advisor console.
It tracks your resource check changes and cost savings estimates over the cost of a week and it will then email up to three recipients containing those details within a report. Exclude Items. This allows you to select specific resources to be excluded from appearing in the console within a specific check. You may to want to do this if you are not interested in the reporting for that particular resource and so you decide to exclude it.
You can decide to include it again at any point if you do change your mind. This feature can make viewing and managing your checks easier by eliminating some resources with the console. Action Links. Many of the items identified within the checks against resources have hyperlinks associated. These are known as Action Links, which then leads you on to remediate the issue identified. For example, if you reached 80% of the number of VPCs within a region, the Service Limit check would highlight this as an issue.
The Action Link against the resource would lead you to an AWS Support Center page to create a case to increase the quantity of VPCs you are allowed within a single region. Access Management. AWS Trusted Advisor is tightly integrated with Identity and Access Management, IAM. You can grant different levels of access to Trusted Advisor, including Full access, read only, or even restrict access down to specific categories, checks and actions.
Refresh. The data within Trusted Advisor is automatically refreshed if the data is more than 24 hours old, when you view it within the console. However, after any refresh you can perform a manual refresh five minutes after the previous refresh. You can either choose to perform a refresh against individual checks or against all of the checks. Before I finish this lecture, I just want to give a high level overview of how Trusted Advisor works in an few simple steps. Once you connect to AWS Trusted Advisor, the service will scan your infrastructure.
It will then compare the state of your infrastructure against Best Practices defined within the four categories of Cost Optimization, Security, Performance and Fault Tolerance. The output of this scan can generate a number of recommendations of how your infrastructure could be optimized. This then allows you to optimize your resources based on the recommendations.
About the Author
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 60++ courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.